It starts innocuously enough. You receive an email from a colleague; just the regular kind of short message they’re always sending and a link to an article they thought you’d like. But when you click on it, your troubles start.
It’s not The Australian or The New York Times that you’re taken to. Instead, you’re directed to a screen that tells you all of the data stored on your computer has been encrypted. Worse still, you’re not going to get it back unless you pay. And to top it off, for every 30 minutes you delay, a piece of data will be destroyed or the price of having it unlocked will increase.
What’s happened is that you’ve just downloaded dangerous ransomware to your system. And ransomware is on the rise.
How ransomware works
Unlike other cyber-attacks which tend to try to steal your data (especially your financial data), ransomware is – at least in one sense – decidedly low-tech in its approach. It’s the cyber equivalent of kidnapping, it’s just that instead of taking people hostage, the scammers hold your data.
They do this by introducing a file to your computer, often via a fake email link. Like our scenario above, scammers using ransomware often ‘scrape’ people’s social media profiles or company websites to impersonate someone close to them. Alternatively, they may try to introduce ransomware onto your computer through a fake warning ‘pop up’, which tells you that you have been engaging in illegal activity. The only thing you can do to remedy it is to select the link.
Whichever method the scammers use to expose you to ransomware, the result is the same: when you click on a link to find out more, the ransomware injects a script onto your machine which encrypts all your files and locks you out from accessing them. To get them back, you’ll usually have to deposit bitcoin into the scammers’ accounts – although some enterprising scammers will offer a range of payment options, including credit cards.
What if this happens to you?
The most immediate question becomes whether or not to pay the scammers to get your files back. Many people choose to do so.
In 2013, the most famous ransomware, Cryptolocker, reportedly made its developers more than US$30m in just 100 days. In February 2016, one US-based hospital had all its patient files locked away for more than a week until it paid around US$17,000 (A$22,300) to have them decrypted. And hospitals around the world are increasingly being targeted. But financial services businesses are particularly vulnerable too, given that they rely on extensive client files. After all, if you lose your client data it could cost your business thousands, even hundreds of thousands of dollars….
But that still doesn’t mean you should pay.
The good news is that as ransomware becomes more common, some good Samaritans have started posting free decrypting software online, which will do the job for you. However, decrypting software isn’t yet available for every type of ransomware.
Another option may be to pay an IT professional to take it off for you (although you may still lose data unless you have backups). However, that’s likely to be more expensive than paying off the scammers. At least, that’s what they’re counting on.
But, by not doing so, you’re putting money into the hands of criminals and encouraging them to continue with their scam.